gamzinav/haproxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

CLEANUP: examples: remove obsolete configuration file samples

Browse Source 
This removes the obsolete CTTPROXY configuration, the tarpit example,
and the pre-content switching example involving 3 layers and cookie
rewriting to emulate the use_backend feature... (9 years old).
This commit is contained in:
Willy Tarreau 2015-10-13 15:22:59 +02:00
parent 27232d6ff1
commit ae4865d802
5 changed files with 0 additions and 489 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
examples/cttproxy-src.cfg
View File

@ -1,63 +0,0 @@
#
# test tproxy
#
# ip a a 2.0.0.1/16 dev eth0
# ip a a 1.0.0.1/16 dev eth1
# ip li set eth1 up
#
# sudo rmmod -r iptable_tproxy
# modprobe ip_conntrack hashsize=65536
# modprobe iptable_tproxy hashsize=65536
# or :
# sudo insmod net/ipv4/netfilter/ip_conntrack.o hashsize=65536;sudo insmod net/ipv4/netfilter/iptable_nat.o;sudo insmod net/ipv4/netfilter/iptable_tproxy.o hashsize=65536
# This is a test configuration.
# It must load-balance across active servers. Check local apache logs to
# verify :
#
# tail /var/log/apache/access_log
global
maxconn 10000
listen sample1
mode http
option httplog
option dontlognull
retries 1
redispatch
contimeout 5000
clitimeout 5000
srvtimeout 5000
maxconn 40000
bind 1.0.0.1:8081
balance roundrobin
server srv1 10.0.3.2:80 cookie s0 source 10.0.3.1 usesrc 1.0.0.3
#server srv1 10.0.3.2:80 cookie s0 source 10.0.3.1 usesrc client
#server srv1 10.0.3.2:80 cookie s0 source 127.0.0.1 usesrc clientip
#server srv1 10.0.3.2:80 cookie s0 source 10.0.3.1 usesrc client check inter 1000
option httpclose
#errorloc 503 /503
listen sample1
mode http
option httplog
option dontlognull
retries 1
redispatch
contimeout 5000
clitimeout 5000
srvtimeout 5000
maxconn 40000
bind 1.0.0.1:8082
balance roundrobin
server srv1 10.0.3.2:80 cookie s0 source 10.0.3.1
#server srv1 10.0.3.2:80 cookie s0 source 10.0.3.1 usesrc client check inter 1000
option httpclose
#errorloc 503 /503

154
examples/examples.cfg
View File

@ -1,154 +0,0 @@
global
log 127.0.0.1 local0
# log 127.0.0.1 local1
maxconn 4000
ulimit-n 8000
uid 0
gid 0
# chroot /tmp
# nbproc 2
# daemon
# debug
# quiet
listen proxy1 0.0.0.0:8000
mode http
# source 127.0.0.2:0
# log 127.0.0.1 local0
# log 127.0.0.1 local1
log global
#mode tcp
cookie SERVERID insert indirect
balance roundrobin
#dispatch 127.0.0.1:3130
#dispatch 127.0.0.1:31300
#dispatch 127.0.0.1:80
#dispatch 127.0.0.1:22
option httpchk
server test 10.1.1.2:80 cookie cookie1 check inter 300
# server nc 127.0.0.1:8080 cookie cookie1 check inter 300
# server tuxlocal0 10.101.23.9:80 cookie cookie1 check
# server tuxlocal1 127.0.0.1:80 cookie cookie1 check
# server tuxlocal2 127.0.0.1:80 cookie cookie2 check
# server tuxlocal3 127.0.0.1:80 cookie cookie3 check
# server tuxlocal4 127.0.0.1:80 cookie cookie4 check
# server vax 10.101.14.1:80 cookie cookie1 check
#server tuxceleron 10.101.0.1:80 cookie cookie2 check
#server telnet 127.0.0.1:23
#server ssh 127.0.0.1:22
#server local 127.0.0.1:3130 cookie cookie3 check
#server ko 127.0.0.1:0 cookie cookie3 check
#server local 127.0.0.1:8001 cookie cookie3 check
#server local 127.0.0.1:3130
#server celeron 10.101.0.1:80 cookie srv1
#server celeron 10.101.0.1:31300
#server local 10.101.23.9:31300
contimeout 3000
clitimeout 150000
srvtimeout 150000
maxconn 60000
redispatch
retries 3
grace 3000
#rsprep ^Server.* Server:\ IIS
#rspdel ^Server.*
#rspadd Set-Cookie:\ mycookie=0;\ path=/
#rsprep ^(Date:\ )([^,]*)(,\ )(.*) LaDate\ est:\ \4\ (\2)
# force connection:close
#reqidel ^Connection:
#rspidel ^Connection:
#reqadd Connection:\ close
#rspadd Connection:\ close
# processing options
#option keepalive
option forwardfor
option httplog
option dontlognull
# reqirep ^(Test:\ ) \0_toto_\1_toto
# reqidel ^X-Forwarded-for:
# reqirep ^(GET|POST)\ .* \0
# reqirep ^(Host:|Connection:|User-agent:|Cookie:)\ .* \0
# reqideny ^
listen proxy1 0.0.0.0:8001
mode http
#mode tcp
dispatch 127.0.0.1:80
#dispatch 127.0.0.1:31300
#dispatch 127.0.0.1:80
#dispatch 127.0.0.1:22
#server tuxlocal 127.0.0.1:80 cookie cookie1 check
#server tuxceleron 10.101.0.1:80 cookie cookie2 check
#server telnet 127.0.0.1:23
#server ssh 127.0.0.1:22
#server local 127.0.0.1:3130 cookie cookie3 check
#server local 127.0.0.1:3130
#server celeron 10.101.0.1:80 cookie srv1
#server celeron 10.101.0.1:31300
#server local 10.101.23.9:31300
contimeout 3000
clitimeout 150000
srvtimeout 150000
maxconn 60000
redispatch
retries 3
grace 3000
#rsprep ^Server.* Server:\ IIS
#rspdel ^Server.*
rspadd Set-Cookie:\ SERVERID=12345678;\ path=/
#rsprep ^(Date:\ )([^,]*)(,\ )(.*) LaDate\ est:\ \4\ (\2)
listen proxy1 0.0.0.0:3128
disabled
mode http
cookie SERVERID insert indirect
#dispatch 127.0.0.1:8080
server srv1 127.0.0.1:8080
#server srv2 192.168.12.3:8080
contimeout 3000
clitimeout 450000
srvtimeout 450000
maxconn 60000
redispatch
retries 3
grace 3000
rspdel ^Via:.*
monitor-net 192.168.12.252/30
listen proxy2 0.0.0.0:3129
disabled
mode http
transparent
# dispatch 127.0.0.1:80
contimeout 3000
clitimeout 150000
srvtimeout 150000
maxconn 60000
retries 3
grace 3000
# log 10.101.11.1 local1
# log 10.101.11.1 local2
# cliexp ^(.*ASPSESSIONID.*=)(.*) \1FENICGGCBECLFFEEOAEAIFGF
# cliexp ^(GET.*)(.free.fr)(.*) \1.online.fr\3
# cliexp ^(POST.*)(.free.fr)(.*) \1.online.fr\3
# cliexp ^Proxy-Connection:.* Proxy-Connection:\ close
# srvexp ^(Location:\ )([^:]*://[^/]*)(.*) \1\3
listen health 0.0.0.0:3130
mode health
clitimeout 1500
srvtimeout 1500
maxconn 6000
grace 0
listen health 0.0.0.0:31300
mode health
option httpchk
clitimeout 1500
srvtimeout 1500
maxconn 6000
grace 0

80
examples/haproxy.cfg
View File

@ -1,80 +0,0 @@
# this config needs haproxy-1.1.28 or haproxy-1.2.1
global
log 127.0.0.1 local0
log 127.0.0.1 local1 notice
#log loghost local0 info
maxconn 4096
chroot /usr/share/haproxy
uid 99
gid 99
daemon
#debug
#quiet
defaults
log global
mode http
option httplog
option dontlognull
retries 3
redispatch
maxconn 2000
contimeout 5000
clitimeout 50000
srvtimeout 50000
listen appli1-rewrite 0.0.0.0:10001
cookie SERVERID rewrite
balance roundrobin
server app1_1 192.168.34.23:8080 cookie app1inst1 check inter 2000 rise 2 fall 5
server app1_2 192.168.34.32:8080 cookie app1inst2 check inter 2000 rise 2 fall 5
server app1_3 192.168.34.27:8080 cookie app1inst3 check inter 2000 rise 2 fall 5
server app1_4 192.168.34.42:8080 cookie app1inst4 check inter 2000 rise 2 fall 5
listen appli2-insert 0.0.0.0:10002
option httpchk
balance roundrobin
cookie SERVERID insert indirect nocache
server inst1 192.168.114.56:80 cookie server01 check inter 2000 fall 3
server inst2 192.168.114.56:81 cookie server02 check inter 2000 fall 3
capture cookie vgnvisitor= len 32
option httpclose # disable keep-alive
rspidel ^Set-cookie:\ IP= # do not let this cookie tell our internal IP address
listen appli3-relais 0.0.0.0:10003
dispatch 192.168.135.17:80
listen appli4-backup 0.0.0.0:10004
option httpchk /index.html
option persist
balance roundrobin
server inst1 192.168.114.56:80 check inter 2000 fall 3
server inst2 192.168.114.56:81 check inter 2000 fall 3 backup
listen ssl-relay 0.0.0.0:8443
option ssl-hello-chk
balance source
server inst1 192.168.110.56:443 check inter 2000 fall 3
server inst2 192.168.110.57:443 check inter 2000 fall 3
server back1 192.168.120.58:443 backup
listen appli5-backup 0.0.0.0:10005
option httpchk *
balance roundrobin
cookie SERVERID insert indirect nocache
server inst1 192.168.114.56:80 cookie server01 check inter 2000 fall 3
server inst2 192.168.114.56:81 cookie server02 check inter 2000 fall 3
server inst3 192.168.114.57:80 backup check inter 2000 fall 3
capture cookie ASPSESSION len 32
srvtimeout 20000
option httpclose # disable keep-alive
option checkcache # block response if set-cookie & cacheable
rspidel ^Set-cookie:\ IP= # do not let this cookie tell our internal IP address
errorloc 502 http://192.168.114.58/error502.html
errorfile 503 /etc/haproxy/errors/503.http

72
examples/tarpit.cfg
View File

@ -1,72 +0,0 @@
# This configuration is an example of how to use connection tarpitting based
# on invalid requests.
global
daemon
log 127.0.0.1 local0
listen frontend 0.0.0.0:80
mode http
option httplog
log global
maxconn 10000
# do not log requests with no data
option dontlognull
# log as soon as the server starts to respond, an do not wait for the
# end of the data transfer.
option logasap
# disable keep-alive
option httpclose
# load balancing mode set to round-robin
balance roundrobin
# the maxconn 150 below means 150 connections maximum will be used
# on apache, the remaining ones will be queued.
server apache1 127.0.0.1:80 maxconn 150
# use short timeouts for client and server
clitimeout 20000
srvtimeout 20000
# the connect timeout should be large because it will also be used
# to define the queue timeout and the tarpit timeout. It generally
# is a good idea to set it to the same value as both above, and it
# will improve performance when dealing with thousands of connections.
contimeout 20000
# retry only once when a valid connection fails because the server
# is overloaded.
retries 1
# You might want to enable this option if the attacks start
# targetting valid URLs.
# option abortonclose
# not needed anymore.
#capture request header X-Forwarded-For len 15
# and add a new 'X-Forwarded-For: IP'
option forwardfor
# how to access the status reporting web interface
stats uri /stat
stats auth stat:stat
# Request header and URI processing begins here.
# rename the 'X-Forwarded-For:' header as 'X-Forwarded-For2:'
reqirep ^(X-Forwarded-For:)(.*) X-Forwarded-For2:\2
#### Now check the URI for requests we want to tarpit ###
# We do not analyze headers, we just focus on the request
reqpass ^[^:\ ]*:
# Tarpit those URIs for any method
reqtarpit ^[^:\ ]*\ /invalid_req1
reqtarpit ^[^:\ ]*\ /cgi-bin/.*\.pl\?
reqitarpit ^[^:\ ]*\ /.*\.(dll|exe|asp)

120
examples/url-switching.cfg
View File

@ -1,120 +0,0 @@
#
# This configuration can be used as an example of how URL-switching may be
# implemented with current haproxy versions.
#
# Right now (version 1.2), haproxy can only select a server based on the cookie
# provided by the client. While this may sound limitated, it is yet possible to
# combine this feature to rewrites to provide full URL-switching capabilities.
#
# For this, we have to chain 3 levels :
# - front-end : will match the expected URIs and assign a cookie accordingly ;
# it uses regexps and could match on anything else (Host:,
# cookies, ...)
# - switch : will select a back-end depending on the cookie above
# - back-ends : will perform the load balancing between multiple servers for
# the same group. Note that this level can be omitted if there
# is only one server for each backend.
#
# Logging is performed at the lower level (back-ends) so that local server
# problems can be identified quickly with the timers. The client's IP is
# propagated in the X-Forwarded-For: header.
#
global
daemon
maxconn 6000 # warning: this has to be 3 times the expected value!
log 192.168.0.1 local0
defaults
mode http
balance roundrobin
option dontlognull
option httpclose
retries 1
redispatch
maxconn 2000
contimeout 5000
clitimeout 50000
srvtimeout 50000
#
# This is the instance the client connects to.
#
listen frontend 10.20.30.40:80
option forwardfor # add 'X-Forwarded-For: IP'
# remove an eventual 'backend' cookie the client might have sent
reqidel ^Cookie:\ backend=
# add cookie 'backend=2' for any HTTP method followed by
# '/img' only or '/img/' followed by anything.
reqirep ^[^:\ ]*\ /img[/\ ].* \0\nCookie:\ backend=2
# add cookie 'backend=3' for any HTTP method followed by
# '/home' only or '/home/' followed by anything.
reqirep ^[^:\ ]*\ /home[/\ ].* \0\nCookie:\ backend=3
# send everything to next stage
server switch 127.0.0.2:8000
#
# This instance is only seen by the 'frontend' instance above. It receives all
# of its traffic.
#
listen switch 127.0.0.2:8000
# cookie name 'backend' inserted by the 'frontend' instance above
cookie backend
# default server 'backend1' gets the default traffic.
server backend1 127.0.0.3:8001
# those servers get traffic only if their cookie is present because
# they are tagged 'backup'.
server backend2 127.0.0.3:8002 cookie 2 backup
server backend3 127.0.0.3:8003 cookie 3 backup
#
# Backend 1 for dynamic contents.
# It is made of 4 apache servers which we can test thanks to a CGI script.
#
listen backend1 127.0.0.3:8001
log global
option httplog
capture request header X-Forwarded-For len 15
option httpchk /cgi-bin/testhost.pl
server apache1 192.168.1.1:80 maxconn 100 check inter 2000 fall 3
server apache2 192.168.1.2:80 maxconn 100 check inter 2000 fall 3
server apache3 192.168.1.3:80 maxconn 100 check inter 2000 fall 3
server apache4 192.168.1.4:80 maxconn 100 check inter 2000 fall 3
#
# backend 2 for images (/img).
# It is made of 3 Tux servers which we test by requesting the /img/logo.png
# file which should be present when file-systems are mounted.
#
listen backend2 127.0.0.3:8002
log global
option httplog
capture request header X-Forwarded-For len 15
option httpchk /img/logo.png
server tux5 192.168.1.5:80 check inter 2000 fall 3
server tux6 192.168.1.6:80 check inter 2000 fall 3
server tux7 192.168.1.7:80 check inter 2000 fall 3
#
# backend 3 for home directories (/home). These are the same machines as for
# dynamic content, except that a different server is bound to another port.
# We test the service by checking that the file "/home/webmaster/started"
# exists.
#
listen backend3 127.0.0.3:8003
log global
option httplog
capture request header X-Forwarded-For len 15
option httpchk /home/webmaster/started
server light1 192.168.1.1:8080 check inter 2000 fall 3
server light2 192.168.1.2:8080 check inter 2000 fall 3
server light3 192.168.1.3:8080 check inter 2000 fall 3
server light4 192.168.1.4:8080 check inter 2000 fall 3